We don't offer an on-premise version, but we do have customers testing environments not accessible to the public internet. They're doing it by allow-listing a static IP and we configure all traffic to come from that IP for that account. There's other options if a static IP allow-list doesn't work - we've specced an approach for a prospect where we would set up an agent inside their firewall that we use to access their internal environments. This is an approach used by other tools to access secured environments - we haven't done it ourselves yet though.